大多数台式计算机都信任SSL证书,但只有一些Android设备。 但是,即使在证书不可信的Android设备上,也会安装根证书。
我一定试过了解决这个问题的方法,但是我认为这与AddTrust External CA Root (可能与SHA-256指纹缺失?)有关。
编辑1
我相信我在证书链中包含了新的中介证书,但SSL实验室仍然报告说它不存在(即使点击“清除caching”button)。
编辑2
要明确我所做的:
我已login到WHM并单击“在域中安装SSL证书”选项。
我input了域名“www.angusaustralia.com.au”。
我input了IP地址“27.124.127.2”。
我已经input了发给我的证书。
----- BEGIN CERTIFICATE ----- MIIFnDCCBISgAwIBAgIRAP / vaD7B7JaVJvqC2H7jiDcwDQYJKoZIhvcNAQELBQAw gZMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMTkwNwYD VQQDEzBVU0VSVHJ1c3QgUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2 ZXIgQ0EwHhcNMTYwNjI3MDAwMDAwWhcNMTcwNjI3MjM1OTU5WjCBhzEhMB8GA1UE CxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMScwJQYDVQQLEx5Ib3N0ZWQgYnkg Q3JhenkgRG9tYWlucyBGWi1MTEMxFTATBgNVBAsTDEVzc2VudGlhbFNTTDEiMCAG A1UEAxMZd3d3LmFuZ3VzYXVzdHJhbGlhLmNvbS5hdTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBALbDVHckJORMdY0 / ygZqo0jjI02E883VpyL0RCeq7wuI wkCWys3L1v6ZjW45wBEbsYGwpZMV3 / IdXYTc5cO5ke4bYnXP4y5NbteVvNOQi1sX FMf8DlpJ + K0ZRcWQVIpsSIRRslXUPw4PWu27Q6Sgp1JuVa2YhXu7hSshIrIhkslT BX / IL67ZZfwo3wpMoig271yGHT4y1KAz9BfLTqVftL8n7uCKYFj3vo5E44czqSRl wYdQgSOLUc1G7jt33fCV8t + hXbKR0WdutTwdBQfftp2ZCSYwKCgCl3yDSLnqbbI + 8GdFuLM4c1ZZwbFfJiKSZ5qDBg0IeODgIRdxSDmirDECAwEAAaOCAfMwggHvMB8G A1UdIwQYMBaAFKbB5 + H09kdj1y99jZD4uiNPYKyeMB0GA1UdDgQWBBRbjv4H +桑达 CnGTcCoBdTIGeUPOOjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH / BAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTAYDVR0gBEUwQzA3BgwrBgEEAbIx AQIBAwQwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAI BgZngQwBAgEwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3Qu Y29tL1VTRVJUcnVzdFJTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j cmwwgYoGCCsGAQUFBwEBBH4wfDBTBggrBgEFBQcwAoZHaHR0cDovL2NydC51c2Vy dHJ1c3QuY29tL1VTRVJUcnVzdFJTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2 ZXJDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20w OwYDVR0RBDQwMoIZd3d3LmFuZ3VzYXVzdHJhbGlhLmNvbS5hdYIVYW5ndXNhdXN0 cmFsaWEuY29tLmF1MA0GCSqGSIb3DQEBCwUAA4IBAQCfA2SHg1DtKmHvipfT3REv yowcSTu7 / PbKsOAnxdFlnfziKImPJcAwR7PWQoAFAG3pqfk0lGpxkeXN4UhXRs6m MlKKy1xY5H8B4hytCAQDzfZGx0lL4ajeLDsZ439YsHR33abhkf6IieHG412x6PkO csr8NFqevOnxAXkjV4yvfQIPk8sGkzT4rdIlMAS7ZW39wKGe31rYrHFXo1EJqswE mFjMfYtteExXW1e5RqNyecYZ / A8mkJduqiMNvpEzAtDVzKh49bxB4gI97UsIfA9G 4k2KzJArfl + gUFucAIPWEwO2ljXMgOmHCtuTycUmir2KDg5OIDzv7M5snwMVNQs7 -----结束证书-----
我已经input了私钥(下面没有列出)。
我已经input了以下证书钥匙链(以下有很多组合,但是我认为这个“更长”的钥匙串应该可以工作,正如SSLLabs网站的讨论)。 这个钥匙串包括旧的“USERTrust RSA证书颁发机构”,旧的设备应该信任它。
----- BEGIN CERTIFICATE ----- MIIGFzCCA / + gAwIBAgIQckB41CE86gO / FOVeP1YCNzANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwHhcNMTQwODIyMDAwMDAwWhcNMjkwODIxMjM1OTU5WjCBkzELMAkGA1UE BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxOTA3BgNVBAMTMFVTRVJUcnVzdCBSU0EgRG9tYWluIFZh bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMTDft1Zl + V3Koj2wygf ++ oaX4pvUTmt0zbGzThksBeNYpMzdR1ahJz9RSsMTsRMuichj06TmJbi 91hvyjuX8jrq1Ep0dS27m9ZgVNToCltsxAj8diDPs / UyAwMiLCPKldQMf4h0Gnii3pWtKJlJw09O CqiEmFdJg1DXbRFG5N5iSO4fyKAtD4aDEo + BY1qi + uT3X / RzO + T73WO0BpZGL6OH4sVXhKFY + z6q t22LbsTT2vH0rlFyYav9iZFuZlM0rUYMcLJm9yU8L659pwVdAo0YVfv3x42QsQF9W7qNGCndhHNI ehLGpV7j2KwaBKq9GFD8BxcpxjUAMhuESdWDa80CAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5 v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBSmwefh9PZHY9cvfY2Q + LojT2CsnjAOBgNVHQ8B Af8EBAMCAYYwEgYDVR0TAQH / BAgwBgEB / wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8v Y3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmww dgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNF UlRydXN0UlNBQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVz dC5jb20wDQYJKoZIhvcNAQEMBQADggIBAELQvN4Fo + l0anb2ajsD /的Baf / 7IsyDmPEmfYADO2mpz3 QWmEOsuc2 / jbHyLoryNQq9PHUSngzRmfe7N + iFfqF5p8 / sbFUbwQrN4e5yXDagrFakztUlxFXR73 fwIk5Rc9KmIDudq7yqzN68To4sbUpzopPg76AKejfkb3Y8V0yEm2TMsFP2W7d8S6O74TO4PpfR3Q Ef5KItzX6cWubJ7e2dpRXMaocoLTzTX8ZJlP52 / LUN / ALjMOga4aZkRIMY0S1X8w1ywERvkcm63Q ZnXROlOHmK8cGlHrKaenPnxkipEXhRWoNvlTVVBTH8CjDsaNN + jPMij + feO6mLvXYlNieyW2YU6 / G7lMYVNIDczcFby6xUu1pHuDUAmyS0Qn2snHrevLaFzh60jQ / gfmWO2K2vtwhFQDnUF / dq7M8tfB vF2g / 8yHDsZIJ1t4PGW6sFfqczJhwEf6LdNn / d / ealgg + IYdixjChRsMd1CaavxPXfD6k7U4aX91 sL25B8zQn5 / yTpTq0oKTJQgsaQSmB6OYkS8dUIW7Q9XLmSboySMzBNK6MPW24hAsYx2gGTOM1Xtl O / V515Q4HCaMS6OhVNGJnncATAT / a7FiMeWxe3shQ2pVT4dfiHkHB92qGrLc / aVFJ1lo + vqB4aqk ILjAI7MLPZQY2MnnThQyv6WWAcpxZi4H -----结束证书----- ----- BEGIN CERTIFICATE ----- MIIFdzCCBF + gAwIBAgIQE + oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQG EwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEw NDgzOFoXDTIwMDUzMDEwNDgzOFowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4w LAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00ytUINh4qogTQktZAnczomf zD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF + mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR 1GJk23 + jBvGIGGqQIjy8 / hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ / VDP + fmyc / xadGL1RjjWmp2bI cmfbIWax1Jt4A8BQOujM8Ny8nkz + rwWWNR9XWrf / zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8i NK5 + O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU + / bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vu PVB + DNBpDxsP8yUmazNt925H + nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTpsNVzbQdcS 2qlJC9 / YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sFqV4Wg8y4Z + LoE53MW4LTTLPtW //È 5XOsIzstAL81VXQJSdhJWBp / kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10 YY + xUGUJ5lhCLkMaTLTwJUdZ + gQek9QmRkpQgbLevni3 / GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgE JTm4Diup8kyXHAc / DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9 / rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m / WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH / BAQDAgGGMA8G A1UdEwEB / wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6 Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcB AQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEM BQADggEBAJNl9jeDlQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23 +了Wm gZWnRtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQYzYhBx9G / 2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8Le9Gclc1Bb + 7RrtubTeZ tv8jkpHGbkD4jylW6l / VXxRTrPBPYer3IsynVgviuDQfJtl7GQVoP7o81DgGotPmjw7jtHFtQELF hLRAlSv0ZaBIefYdgWOWnU914Ph85I6p0fKtirOMxyHNwu8 = -----结束证书-----
编辑3
迈克尔汉普顿给出的答案是正确的。 然而,他提出的解决scheme之所以不起作用,是因为WHM在更新证书权限包时存在一个错误 。 发生此错误时,无论您将什么文本粘贴到“ 证书颁发机构包”字段(在SSL / TLS – >在域中安装SSL证书页上), 尽pipeWHM为您提供了一个不同的CA包, 成功的消息 。
您的域的证书有两个path到两个不同的根证书颁发机构。
在现代桌面浏览器(如Google Chrome)以及更新的Android版本上,所采用的path是更新的USERTrust RSAauthentication机构根证书。 (我在Android 7.0 NPD90G上得到这个。)
在较旧的Android版本中,正在使用的path是旧版本的AddTrust External CA Root根证书。
在第二条路上,你缺less一个中间证书。 这是SSL实验室testing中显示的“额外下载”。 为了解决这个问题,您需要获取这个中间证书并将其添加到您的Web服务器的证书链中。